Commit id 093a0c867f36417af69b2dfabb804a65d0f7a9f8: CI-CD build and deploy docker images based on the commit id in the main branch #3558
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-CD build and deploy docker images based on the last commit in the target branch | |
| run-name: "Commit id ${{ github.sha }}: CI-CD build and deploy docker images based on the commit id in the ${{ inputs.checkout_ref == '' && github.ref_name || inputs.checkout_ref }} branch" | |
| env: | |
| APPLICATION: "erigon" | |
| APP_REPO: "erigontech/erigon" | |
| DOCKERHUB_REPOSITORY: "erigontech/erigon" | |
| LABEL_DESCRIPTION: "[docker image built on a last commit id from the main branch] Erigon is an implementation of Ethereum (execution layer with embeddable consensus layer), on the efficiency frontier. Archive Node by default." | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'docker_pectra' | |
| paths-ignore: | |
| - '.github/**' | |
| workflow_dispatch: | |
| inputs: | |
| checkout_ref: | |
| required: false | |
| type: string | |
| default: '' | |
| description: 'The branch to checkout and build artifacts from (in case of manual run). Important: the Docker image tag is generated automatically from the branch name by removing everything before the last slash. For example, for the branch "feature/user/my-cool-change", the tag will be "my-cool-change". Default is "" .' | |
| jobs: | |
| Build: | |
| # runs-on: ubuntu-latest | |
| runs-on: [devops-01-self-hosted] | |
| timeout-minutes: 45 | |
| outputs: | |
| docker_build_tag: ${{ steps.built_tag_export.outputs.docker_build_tag }} | |
| steps: | |
| - name: Cleanup workspace | |
| run: | | |
| rm -drf $(pwd)/* | |
| - name: Fast checkout git repository, git ref ${{ inputs.checkout_ref == '' && github.ref_name || inputs.checkout_ref }} | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ env.APP_REPO }} | |
| fetch-depth: 1 | |
| ref: ${{ inputs.checkout_ref == '' && github.ref || inputs.checkout_ref }} | |
| path: 'erigon' | |
| - name: Define variables | |
| id: def_docker_vars | |
| ## Idea is: | |
| ## latest image: erigontech/erigon:${tag_name}${latest_suffix} | |
| ## commit id image: erigontech/erigon:${tag_name}-${short_commit_id} | |
| env: | |
| CHECKOUT_REF: ${{ inputs.checkout_ref }} | |
| run: | | |
| branch_name="${{ inputs.checkout_ref == '' && github.ref_name || inputs.checkout_ref }}" | |
| case "$branch_name" in | |
| "main" ) | |
| export tag_name='main'; | |
| export keep_images=100; | |
| export latest_suffix='-latest' | |
| export binaries="erigon integration rpcdaemon" | |
| ;; | |
| "docker_pectra" ) | |
| export tag_name='docker_pectra'; | |
| export keep_images=5; | |
| export latest_suffix=''; | |
| export binaries="erigon caplin diag downloader evm hack integration rpcdaemon rpctest sentinel sentry state txpool" | |
| ;; | |
| * ) | |
| # use last string after last slash '/' by default if branch contains slash: | |
| export tag_name=$(echo $CHECKOUT_REF | sed -e 's/.*\///g' ); | |
| export keep_images=0; | |
| export latest_suffix='' | |
| export binaries="erigon" | |
| ;; | |
| esac | |
| echo "tag_name=${tag_name}" >> $GITHUB_OUTPUT | |
| echo "keep_images=${keep_images}" >> $GITHUB_OUTPUT | |
| echo "latest_suffix=${latest_suffix}" >> $GITHUB_OUTPUT | |
| echo "binaries=${binaries}" >> $GITHUB_OUTPUT | |
| echo "Debug ${tag_name} ${keep_images} ${latest_suffix} ${binaries}" | |
| - name: Get commit id | |
| id: getCommitId | |
| run: | | |
| cd erigon | |
| echo "id=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| echo "short_commit_id=$(git rev-parse --short=7 HEAD)" >> $GITHUB_OUTPUT | |
| cd .. | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 ## v3.3.0 | |
| with: | |
| username: ${{ secrets.ORG_DOCKERHUB_ERIGONTECH_USERNAME }} | |
| password: ${{ secrets.ORG_DOCKERHUB_ERIGONTECH_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: docker-buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push multi-platform docker image based on the commit id ${{ steps.getCommitId.outputs.short_commit_id }} in the ${{ GITHUB.BASE_REF }} branch | |
| id: built_tag_export | |
| env: | |
| BUILD_VERSION: "${{ steps.def_docker_vars.outputs.tag_name }}-${{ steps.getCommitId.outputs.short_commit_id }}" | |
| BUILD_VERSION_LATEST: "${{ steps.def_docker_vars.outputs.tag_name }}${{ steps.def_docker_vars.outputs.latest_suffix }}" | |
| DOCKER_PUBLISH_CONDITION: ${{ steps.def_docker_vars.outputs.keep_images > 0 && format('--tag {0}:{1} ', env.DOCKER_URL, env.BUILD_VERSION) || '' }} | |
| DOCKER_URL: ${{ env.DOCKERHUB_REPOSITORY }} | |
| DOCKERFILE_PATH: Dockerfile | |
| run: | | |
| echo "Create build cache directories in case it is not yet extracted from existing cache" | |
| echo "docker_build_tag=${{ env.BUILD_VERSION }}" >> $GITHUB_OUTPUT | |
| cd erigon | |
| docker buildx build \ | |
| --file ${{ env.DOCKERFILE_PATH }} \ | |
| --build-arg BINARIES='${{ steps.def_docker_vars.outputs.binaries }}' \ | |
| --attest type=provenance,mode=max \ | |
| --no-cache \ | |
| --sbom=true \ | |
| ${{ steps.def_docker_vars.outputs.keep_images > 0 && format('--tag {0}:{1} ', env.DOCKER_URL, env.BUILD_VERSION) || '' }} \ | |
| --tag ${{ env.DOCKER_URL }}:${{ env.BUILD_VERSION_LATEST }} \ | |
| --label org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ | |
| --label org.opencontainers.image.authors="https://github.com/erigontech/erigon/graphs/contributors" \ | |
| --label org.opencontainers.image.url="https://github.com/erigontech/erigon/blob/${{ inputs.checkout_ref == '' && github.ref || inputs.checkout_ref }}/Dockerfile" \ | |
| --label org.opencontainers.image.documentation="https://docs.erigon.tech/" \ | |
| --label org.opencontainers.image.source="https://github.com/erigontech/erigon" \ | |
| --label org.opencontainers.image.version=${{ steps.getCommitId.outputs.id }} \ | |
| --label org.opencontainers.image.revision=${{ steps.getCommitId.outputs.id }} \ | |
| --label org.opencontainers.image.vcs-ref-short=${{ steps.getCommitId.outputs.short_commit_id }} \ | |
| --label org.opencontainers.image.vendor="${{ github.repository_owner }}" \ | |
| --label org.opencontainers.image.description="${{ env.LABEL_DESCRIPTION }}" \ | |
| --push \ | |
| --platform linux/amd64,linux/arm64 . | |
| echo "Docker build and push done" | |
| - name: export and print docker build tag, cleanup old docker images | |
| env: | |
| BUILD_VERSION: "${{ steps.def_docker_vars.outputs.tag_name }}-${{ steps.getCommitId.outputs.short_commit_id }}" | |
| BUILD_VERSION_LATEST: "${{ steps.def_docker_vars.outputs.tag_name }}${{ steps.def_docker_vars.outputs.latest_suffix }}" | |
| BUILD_VERSION_CONDITION: ${{ steps.def_docker_vars.outputs.keep_images > 0 && format('{0}:{1} ',env.DOCKER_URL,env.BUILD_VERSION) || '' }} | |
| DOCKER_URL: ${{ env.DOCKERHUB_REPOSITORY }} | |
| TAG_KEY: ${{ steps.def_docker_vars.outputs.tag_name }} | |
| KEEP_IMAGES: ${{ steps.def_docker_vars.outputs.keep_images }} | |
| run: | | |
| HTTP_RESP=$(curl -s -o ./resp1 -w "%{http_code}" \ | |
| -X POST -H "Content-Type: application/json" \ | |
| -d '{ | |
| "identifier": "'"${{ secrets.ORG_DOCKERHUB_ERIGONTECH_USERNAME }}"'", | |
| "secret": "'"${{ secrets.ORG_DOCKERHUB_ERIGONTECH_TOKEN }}"'" | |
| }' \ | |
| https://hub.docker.com/v2/auth/token/) | |
| if [ "$HTTP_RESP" -ne "200" ]; then | |
| echo ERROR: HTTP response $HTTP_RESP from https://hub.docker.com/v2/auth/token/ | |
| fi | |
| DOCKER_JWT=$(jq -r .access_token ./resp1) | |
| rm -f ./resp1 | |
| echo The following docker images have been published: | |
| echo "${{ env.DOCKERHUB_REPOSITORY }}:${{ env.BUILD_VERSION_LATEST }}" | |
| echo "${{ steps.def_docker_vars.outputs.keep_images > 0 && format('{0}:{1} ',env.DOCKER_URL,env.BUILD_VERSION) || '' }} (empty, if keep_images is 0)" | |
| echo | |
| echo "Cleanup old docker images matching pattern tag ~= ${{ env.TAG_KEY }}-XXXXXXX (where XXXXXXX is a short Commit IDs)" | |
| echo "Only last $KEEP_IMAGES images will be kept." | |
| curl_cmd="curl -s -H \"Authorization: Bearer ${DOCKER_JWT}\" " | |
| dockerhub_url='https://hub.docker.com/v2/namespaces/erigontech/repositories/erigon' | |
| ## getting all pages in a loop from dockerhub and grepping required tag from the list of tags: | |
| my_list () { | |
| # First page: | |
| next_page="$dockerhub_url/tags?page=1&page_size=100" | |
| while [ "$next_page" != "null" ] | |
| do | |
| # Print tags and push dates for tags matching "${{ env.TAG_KEY }}-": | |
| $curl_cmd $next_page | jq -r '.results|.[]|.name + " " + .tag_last_pushed' | grep '${{ env.TAG_KEY }}-' || true | |
| next_page=`$curl_cmd $next_page | jq '.next' | sed -e 's/^\"//' -e 's/\"$//'` | |
| done | |
| } | |
| echo "DEBUG: full list of images:" | |
| my_list | |
| echo "DEBUG: end of the list." | |
| my_list | tail -n+${{ env.KEEP_IMAGES }} | while read line; do | |
| echo -n "Removing docker image/published - $line " | |
| current_image=$(echo $line | sed -e 's/^\(${{ env.TAG_KEY }}-.\{7\}\) .*/\1/') | |
| output_code=$(curl --write-out %{http_code} --output curl-output.log \ | |
| -s -X DELETE -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${DOCKER_JWT}" \ | |
| https://hub.docker.com/v2/repositories/erigontech/erigon/tags/${current_image} ) | |
| if [ $output_code -ne 204 ]; then | |
| echo "ERROR: failed to remove docker image erigon:${current_image}" | |
| echo "ERROR: API response: $(cat curl-output.log)." | |
| else | |
| echo -n " - removed. " | |
| fi | |
| echo "Done." | |
| done |